
Job Description

Title : Sr. Application Security Engineer


Status : Full-time, Permanent


Department : Digital IT


Location : Ahmedabad


Reporting Relationship : Sr. Manager of Security Operations


Shift timings : 7:30 PM to 4:30 AM for the first 2 weeks for training, then gradually shifting to 5:30 PM to 2:30 AM.


Company Description :


e.l.f. Beauty, Inc. builds brands designed to disrupt industry norms, shape culture, and connect communities through positivity, inclusivity, and accessibility. Our deep commitment to clean, cruelty-free beauty at an incredible value has fueled the success of our flagship brand e.l.f. Cosmetics since 2004 and driven our portfolio expansion.


The Company's family of brands includes e.l.f. Cosmetics, e.l.f. SKIN, Naturium, Well People and Keys Soulcare. The Company's brands are available online and across leading beauty, mass-market and specialty retailers. The Company has strong relationships with its retail customers such as Target, Walmart, Ulta Beauty and other leading retailers that have enabled the Company to expand distribution both domestically and internationally.


Business/Financial Highlights :


e.l.f. Beauty, Inc. is publicly traded (NYSE: ELF) and has annual revenues of over ~$1 billion, a market cap of ~$10B and is a member of the S&P 600. Business and financial highlights include :


- 21 consecutive quarters of net sales growth.


- #3 mass cosmetics brand in the US with a 10% share and the fastest growing brand among the top 5.


- Named Beauty Brand of the Year 2023 by Women's Wear Daily.


- Recognized in 2023 as one of the 10 Most Innovative Companies in Beauty by Fast Company magazine


Culture and Compensation :


We believe the combination of our high-performance team culture, total compensation, workplace flexibility and care for the team is unmatched. We have a one team, one dream total compensation philosophy where all employees can participate in our business success. In addition to competitive pay and benefits, we are proud of the following :


- All employees are on the same bonus plan tied to our financial performance. Our bonus plan has paid 200% of target in each of the last three years


- All employees receive equity at e.l.f. This includes a new hire grant and eligibility for an annual refresh grant.


- Hybrid work environment


Position Summary :


We are seeking a highly skilled and proactive Application Security Engineer to join our growing security team. You will be responsible for securing our applications throughout the software development lifecycle (SDLC).


This includes identifying vulnerabilities, working with development teams to remediate risks, and implementing security best practices and tools to ensure our applications are robust, secure, and compliant with relevant standards.


Role & responsibilities :

- Perform manual and automated security assessments of web, mobile, and cloud applications

- Collaborate with development and engineering teams to embed security into SDLC (DevSecOps)

- Conduct secure code reviews, threat modeling exercises, and risk assessments to identify security weaknesses in application design.

- Implement and manage application security tools (SAST, DAST, SCA, IAST)

- Design and enforce security policies, standards, and procedures for application development

- Monitor, triage, and respond to application-layer vulnerabilities and incidents

- Work closely with QA and engineering teams to drive security testing and fix validation

- Lead the Incident Response effort for application-related security events.

- Stay current on the latest security threats, vulnerabilities, and industry best practices

- Conduct developer training and promote a security-first culture within engineering

- Cross-train team members on Application Security principles.

- Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management.

Preferred candidate profile :

- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).

- 3+ years in application security, secure software development, and penetration testing.

- Strong understanding of web technologies (HTML, JavaScript, Python, REST APIs, etc.).

- Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/CD pipelines for automated security testing.

- Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices.

- Knowledge of cloud environments (AWS, Azure, GCP) and their security features.

- Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

Preferred Qualifications :


- Industry certifications such as CSSLP, GWAPT, OSCP, or CEH

- Experience with container security and CI/CD pipeline integration

- Familiarity with regulatory and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS)

- Prior experience working in agile, DevOps, or fast-paced development environments
